Reputation: 314
How to authenticate by smart card as a fallback to windows authentication in httpClint/httpListener
I'm using Owin to self host a web application.
The authentication scheme defined at the server is as follows:
HttpListener listener = (HttpListener)app.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
My client's code looks like:
using (var webRequestHandler = new WebRequestHandler {UseDefaultCredentials = true})
using (var httpClient = new HttpClient(webRequestHandler))
{
var responseCode = httpClient.PostAsync("https://server:443/myapi/dosomething/", null).Result.StatusCode;
Console.WriteLine(responseCode == HttpStatusCode.OK ? "Success" : "Failure");
}
This works great when the logged-on user on the client's machine is a user known by the server's machine.
The problems begin when, for example, the client's machine is not domain joined and the client is run by a local user. In that case, I have extended my client a bit, as follows:
HttpStatusCode responseCode;
using (var webRequestHandler = new WebRequestHandler {UseDefaultCredentials = true})
using (var httpClient = new HttpClient(webRequestHandler))
{
responseCode = httpClient.PostAsync("https://server:443/myapi/dosomething/", null).Result.StatusCode;
}
if (responseCode == HttpStatusCode.Unauthorized)
{
string username;
string password;
// prompt user for credentials and store them at the above variables
using (var webRequestHandler = new WebRequestHandler { Credentials = new NetworkCredential(username, password)})
using (var httpClient = new HttpClient(webRequestHandler))
{
responseCode = httpClient.PostAsync("https://server:443/myapi/dosomething/", null).Result.StatusCode;
}
}
Console.WriteLine(responseCode == HttpStatusCode.OK ? "Success" : "Failure");
And this solves it, but I'm limited to perform the fallback authentication using username/password only.
My problem is that I need to support smart card authentication as well as username/password authentication.
Upvotes: 3
Views: 1151
Answers (1)
Reputation: 1076
Assuming that "smart card authentication" is done via client-side certificates, you can enable this feature either by:
configuring
HttpClientto automatically select a certificatevar client = new HttpClient( new HttpClientHandler{ ClientCertificateOptions = ClientCertificateOption.Automatic });or by configuring
HttpClientwith a previously selected certificatevar clientHandler = new WebRequestHandler(); clientHandler.ClientCertificates.Add(cert); var client = new HttpClient(clientHandler);
where cert is a certificate with an associated private key.
You can read more about this on Client Authentication
Upvotes: 1
Related Questions
- Can we use smart card authentication in Client Server Architecture?
- NTLM authentication and smartcards
- Smart card authorization in web form
- Smart card authentication using a client certificate
- Sign data using smart card's private key with ASP.NET, Windows Authentication, and Impersonation
- Java HttpClient authentication with smart card
- Smart Card Authentication with ASP.NET
- Verify windows log-in via smart card
- Smartcard authentication for .NET
- How can i access to smartcard from ASP.NET site?